Question 1

How do I set up sanitize-html to clean HTML from a rich text editor?

Accepted Answer

Install the library from the monorepo, create a whitelist configuration specifying allowed tags and attributes, then pass the editor output through the sanitize function. Test thoroughly to ensure no desired markup is stripped.

Question 2

Sanitize-html or DOMPurify: which is better for preventing XSS?

Accepted Answer

Sanitize-html offers more granular control via whitelisting, ideal for custom needs, while DOMPurify is easier for basic use and works in browsers. However, sanitize-html is deprecated, so DOMPurify might be safer for new projects.

Question 3

Is sanitize-html still maintained and safe to use?

Accepted Answer

The standalone repository is deprecated with no active maintenance, though the monorepo version may receive updates. For production, consider alternatives or use the monorepo with caution due to potential breaking changes.

Question 4

How to allow images with specific attributes in sanitize-html?

Accepted Answer

Whitelist the 'img' element and specify allowed attributes like 'src' and 'alt' in the configuration. You can also add custom filters to validate URLs or other properties for security.

Question 5

What are common pitfalls when using sanitize-html's whitelist?

Accepted Answer

Missing nested elements, forgetting to permit necessary attributes for functionality, and not accounting for edge cases in user input can lead to broken content or security vulnerabilities. Always review and test configurations.

Question 6

How to migrate from the old sanitize-html repo to the new monorepo?

Accepted Answer

Follow the link in the README to the apostrophe monorepo, check for any API changes or updates in the package, and adjust your installation and imports accordingly. The core functionality should remain similar.

sanitize-html

What is sanitize-html?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions